Pharming is a type of Internet fraud in which an attempt is made to redirect Internet users from legitimate websites to fraudulent or potentially malicious ones. It is somewhat similar to “phishing,” in which a person is sent an email or other type of “bait” message in an attempt to have that person click on a link in the email. This link directs him or her to a false website similar to a legitimate one in the hopes that he or she will enter sensitive or private information that is then gathered by the malicious website. Pharming, however, attempts to redirect computer users to fraudulent websites without any type of bait message or other action by a user.
While both types of fraud seek to direct a computer user to a malicious website where private information can be gathered, phishing requires a user to click on a link or otherwise actively be directed to the fraudulent website. Pharming attacks instead seek to corrupt the process by which a person accesses Internet websites, in order to redirect that person to a malicious website without the user ever knowing an attack is occurring. This can be achieved principally by one of two methods: through a compromised Domain Name System (DNS) server, or through a compromised router or network.
Potentially the most devastating type of pharming attack would involve corrupting or “poisoning” a DNS server. DNS servers direct Internet users to websites by converting textual hostnames such as www.wisegeek.com into numerical Internet Protocol (IP) addresses that servers recognize. This process allows a user to type in an easily remembered hostname and be properly directed to a site that actually has a numerical address on the Internet.
By poisoning a DNS server, a pharming attack would allow an attacker to redirect large numbers of users from the legitimate website to a malicious website, without the users ever realizing an attack has occurred. The users would have typed the correct hostname but would be directed by the poisoned DNS server to the IP address of the malicious website. This website could then install malicious software onto the users’ computers, or simply appear legitimate and wait for the users to enter private information for fraudulent purposes.
A router or other type of network hardware can also be utilized as part of a pharming attack. This could be achieved through malicious software that rewrites the firmware built into the device. Firmware is the software installed within a device itself, such as a router, which handles the basic functions of the device regardless of the other hardware or software used with it.
In routers and network servers, this firmware usually includes settings that specify which DNS server the system should use. A pharming attack could potentially change this firmware to point to a DNS server that is controlled by the person coordinating the attack, or that has already been poisoned. Unfortunately, antivirus and firewall programs cannot protect users from pharming attacks, and more sophisticated programs are usually needed to secure network servers and routers.
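Both methods described above leave something a defender can check: the DNS server a machine has been told to use, and the addresses that server returns for a known hostname. The following is an added example, not part of the original article, that flags either one when it departs from a known-good baseline. It assumes the client's resolver settings are available as resolv.conf-style text; the hostname, resolver addresses and ranges are constructed for illustration.

```python
import ipaddress

# Constructed policy: resolvers this network should use, and the address
# ranges each watched hostname is expected to resolve into (assumptions).
EXPECTED_RESOLVERS = {"192.0.2.53", "192.0.2.54"}
EXPECTED_RANGES = {"bank.example": ["198.51.100.0/24"]}

# Constructed sample inputs (documentation address ranges only).
SAMPLE_RESOLV_CONF = """\
# set by DHCP from the router
nameserver 192.0.2.53
nameserver 203.0.113.66
"""
SAMPLE_ANSWERS = ["198.51.100.10", "203.0.113.80"]


def parse_nameservers(resolv_conf_text):
    """Return nameserver addresses from resolv.conf-style text."""
    servers = []
    for line in resolv_conf_text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.append(parts[1])
    return servers


def unexpected_resolvers(resolv_conf_text, expected=EXPECTED_RESOLVERS):
    """Configured resolvers not on the expected list (altered router or host settings)."""
    return [s for s in parse_nameservers(resolv_conf_text) if s not in expected]


def suspicious_answers(hostname, answers, ranges=EXPECTED_RANGES):
    """Answers for a watched hostname that fall outside its expected ranges."""
    nets = [ipaddress.ip_network(n) for n in ranges.get(hostname, [])]
    if not nets:
        return []  # hostname is not watched, so there is no baseline
    return [a for a in answers
            if not any(ipaddress.ip_address(a) in n for n in nets)]


if __name__ == "__main__":
    print("unexpected resolvers:", unexpected_resolvers(SAMPLE_RESOLV_CONF))
    print("suspicious answers:", suspicious_answers("bank.example", SAMPLE_ANSWERS))
```

Sites hosted on content delivery networks change addresses legitimately, so the expected ranges need upkeep and a mismatch is a reason to investigate, not proof of an attack.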